VPN Client certificates from Microsoft CA

Unanswered Question

Is there any way to use Microsft CA certificates that are enrolled via the MS CA web service and not the Cisco VPN Client? I find that these certificates are imported okay, but are always placed in the RA store where they cannot be selected for certificate authentication. If I create an enrollment request through the client and then submit that to the MS CA, the resulting certificate is imported correctly. Can someone educate me on what the VPN client is specifying in the enrollment request to create the accepted cert? Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jsivulka Thu, 10/18/2007 - 14:07
User Badges:
  • Bronze, 100 points or more

Yes Cisco VPN client with Microsoft CA server certificate able to connect to VPN Concentrator. In order to resolve this issue, ensure that the time is configured properly on both the VPN Concentrator and the CA server. The use of Network Time Protocol (NTP) on both the VPN Conentrator and the CA server allows you to keep time in sync. Clocks in many devices tend to drift a few seconds per day. Exact time synchronization is important for systems on a network so that protocol timestamps and events are accurate. Digital certificates, for example, carry a timestamp that determines a time frame for their validity. An inaccurate time or date can prevent connection.



Actions

This Discussion